< Back to listing

Posted 7 septembre 2015

Cryptology and encryption are among trending topics these days, refreshing some knowledge about the subject might hence be useful, to be aware of the risks for instance, related to the encryption of your connected objects, brought by technical advances in the field of quantum computers and their computing power.

Cryptography, the art of defensive ciphering and deciphering, has existed for centuries now. If the technics have evolved, its principle has always stayed more or less the same. Ciphering, to be efficient and hence secure, should follow four principles: authentication, confidentiality, integrity and non-repudiation. Ciphering is either done using a secret key, or a public key; in the latter case the ciphering algorithm is public but the secret part is inside the key. It should be noted that public key ciphering is 100 times as slow as symmetric private key ciphering. To be secured, a key should follow some conditions: the secret key should remain secret; the key should be randomly generated; the key should be periodically renewed; the key should have a minimum size (128 bits currently).

Ciphering is used in all of our mobile devices and in wireless networks. However, mobile phones and WIFI systems’ keys, which use a pseudorandom cipher suit, are breakable in two minutes by whoever has the knowledge and the adequate equipment. Historically, DES (invented by IBM) and triple-DES (192 bits with 168 bits payload or 128 bits with 112 bits payload) which were and are still used, do no longer resist attacks. Operators are aware, but not all of them use AES in its 128 bits form, which still resists potential threats. Research to break AES-128 is very active (life expectancy of 10 years!) and quantum computers’ help will serve the quest. In a June 2015 Global Security Mag’s article*, Renaud Lifchitz (an Oppida security advisor) insists on the fragility of asymmetrical cryptography as it is known. And all asymmetrical key sizes should be quickly doubled to stay beyond the reach of quantum attacks, but it’s asymmetrical cryptography, using RSA type algorithms, that might be quickly outdated, leading to fatal consequences for a tremendous number of our everyday security protocols: PKI, SSL, SSH, HTTPS, smart cards, etc. he adds. All scientists agree that, in 25 years, all of these protocols will be breakable. Research in this field is hence at its first steps…